|Summary:||RFE: vlock should be able to lock terminals when execute from a daemon|
|Product:||Red Hat Enterprise Linux 6||Reporter:||Gal Hammer <ghammer>|
|Component:||vlock||Assignee:||Karel Zak <kzak>|
|Status:||CLOSED NOTABUG||QA Contact:||BaseOS QE - Apps <qe-baseos-apps>|
|Fixed In Version:||Doc Type:||Enhancement|
|Doc Text:||Story Points:||---|
|Last Closed:||2010-11-15 13:08:58 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Cloudforms Team:||---||Target Upstream Version:|
|Bug Depends On:|
|Bug Blocks:||565939, 641886|
Description Gal Hammer 2010-11-14 16:20:23 UTC
In RHEV-M, when a user, using a SPICE client to connect to a guest, close the connection, the vdsm tells the guest agent to lock the machine. The RHEV-agent daemon tries to lock the machine by calling "/usr/bin/vlock -a" but the execution always fails. It is possible to lock the virtual terminals this way?
Comment 2 Karel Zak 2010-11-15 11:06:59 UTC
(In reply to comment #0) > In RHEV-M, when a user, using a SPICE client to connect to a guest, close the > connection, the vdsm tells the guest agent to lock the machine. The RHEV-agent > daemon tries to lock the machine by calling "/usr/bin/vlock -a" but the > execution always fails. What does it mean "execution fails"? (do you have any error message?) > It is possible to lock the virtual terminals this way? I think that "vlock -a" makes sense on standard consoles (tty0 ... tty16) on machines where all consoles are accessible from the same physical place. The "vlock -a" does not lock all consoles, it locks the *current console* and controls switching between consoles (e.g. Alt-Fn keys). So after "vlock -a" you cannot use or leave the current console without a valid password. That's all.
Comment 3 Gal Hammer 2010-11-15 12:33:56 UTC
(In reply to comment #2) > What does it mean "execution fails"? (do you have any error message?) I'm using Python's subprocess.call. The function returns 1 when I execute vlock. > The "vlock -a" does not lock all consoles, it locks the *current console* and I'm okay with this behavior. The problem is that I'm executing vlock as a daemon which doesn't have a *current console* to lock.
Comment 4 Karel Zak 2010-11-15 13:08:58 UTC
vlock opens /dev/tty, this special device is associated with the current process terminal. Yes, it probably does not makes sense to call vlock -a from any daemon if the daemon is outside the current session (terminal). I have no clue how to fix your problem. Try to ask at tech-list.
Comment 5 Tomas Mraz 2010-11-15 13:38:05 UTC
IMO the most appropriate way for locking the consoles on a guest is to reserve one of the consoles for the vlock and in case of timeout switch into this console and run vlock -a in it.